Linux Forensics Tools Repository: Package Summary for Packages on July 29, 2011:

  • md5deep-3.9.2-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - This package was updated to reflect the new version of md5deep.
  • yaf{,-devel}-2.1.0-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Here are the changes in this version:
    • New Information Element exported in every flow record, flowAttributes (CERT PEN 6871, IE 40).
    • YAF now checks if a flow has fixed-size packets and exports this flag using the new flowAttributes Information Element (see yaf)
    • Reset Application Label on UDP-uniflows for Deep Packet Inspection
    • Fixed yafscii invalid parameter bug that may have existed on certain platforms
    • Added VNC (RFB Protocol) application label
    • DPI Enhancements
    • FlowEndReason IPFIX field is now set to 31 for udp-uniflows
    • For Cygwin: Added support for getting the yaf config directory via the Windows Registry
    • Several other bug fixes